tmpfiles: fix specifier expansion in arguments of C lines

Make sure the argument of "C" type undergoes specifier expansion
before it's checked for validity.  In particular, starting with
commit ce610af143b2, the check for path existence used to fail
in case of presence of any specifier in the argument.

Also, starting with commit 2f3b873a4973, when the path contains
a specifier and the argument is omitted, tmpfiles used to perform
specifier expansions twice: first specifier expansion was applied
to the path itself, and afterwards the result of the first expansion
was used in the constructed argument and expanded once again.

Finally, starting with commit 849958d1ba35, when the argument begins
with %h specifier, tmpfiles used to complain that the source path
is not absolute.

Resolves: #25381
Fixes: ce610af143b2 ('tmpfiles: in C lines, make missing source graceful error')
Fixes: 2f3b873a4973 ('tmpfiles: copy/link /usr/share/factory/ files when the source argument is omitted')
Fixes: 849958d1ba35 ('tmpfiles: add new "C" line for copying files or directories')

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 586a924cca8683f649f88e482c34dbe3d89289cb..54db55ff1f914b5d8417b34abbbc0efd4cf679aa 100644 (file)
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -3334,34 +3334,6 @@ static int parse_line(
                         *invalid_config = true;
                         return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG), "base64 decoding not supported for copy sources.");
                 }
-
-                if (!i.argument) {
-                        i.argument = path_join("/usr/share/factory", i.path);
-                        if (!i.argument)
-                                return log_oom();
-                } else if (!path_is_absolute(i.argument)) {
-                        *invalid_config = true;
-                        return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG), "Source path '%s' is not absolute.", i.argument);
-
-                }
-
-                if (!empty_or_root(arg_root)) {
-                        char *p;
-
-                        p = path_join(arg_root, i.argument);
-                        if (!p)
-                                return log_oom();
-                        free_and_replace(i.argument, p);
-                }
-
-                path_simplify(i.argument);
-
-                if (laccess(i.argument, F_OK) == -ENOENT) {
-                        /* Silently skip over lines where the source file is missing. */
-                        log_syntax(NULL, LOG_DEBUG, fname, line, 0, "Copy source path '%s' does not exist, skipping line.", i.argument);
-                        return 0;
-                }
-
                 break;
 
         case CREATE_CHAR_DEVICE:
@@ -3455,6 +3427,41 @@ static int parse_line(
                 }
         }
 
+        switch (i.type) {
+        case COPY_FILES:
+                if (!i.argument) {
+                        i.argument = path_join("/usr/share/factory", i.path);
+                        if (!i.argument)
+                                return log_oom();
+                } else if (!path_is_absolute(i.argument)) {
+                        *invalid_config = true;
+                        return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG), "Source path '%s' is not absolute.", i.argument);
+
+                }
+
+                if (!empty_or_root(arg_root)) {
+                        char *p;
+
+                        p = path_join(arg_root, i.argument);
+                        if (!p)
+                                return log_oom();
+                        free_and_replace(i.argument, p);
+                }
+
+                path_simplify(i.argument);
+
+                if (laccess(i.argument, F_OK) == -ENOENT) {
+                        /* Silently skip over lines where the source file is missing. */
+                        log_syntax(NULL, LOG_DEBUG, fname, line, 0, "Copy source path '%s' does not exist, skipping line.", i.argument);
+                        return 0;
+                }
+
+                break;
+
+        default:
+                break;
+        }
+
         if (from_cred) {
                 if (!i.argument)
                         return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EINVAL), "Reading from credential requested, but no credential name specified.");

diff --git a/test/units/testsuite-22.02.sh b/test/units/testsuite-22.02.sh
index 49c55f136b045a3e895c914ec3c0141b59f2db14..de28fa70446a1ab7a1cd9d50919624de0bf1e5dd 100755 (executable)
--- a/test/units/testsuite-22.02.sh
+++ b/test/units/testsuite-22.02.sh
@@ -97,7 +97,7 @@ test "$(stat -c %U:%G:%a /tmp/e/3/f1)" = "root:root:644"
 # 'C'
 #
 
-mkdir /tmp/C/{1,2,3}-origin
+mkdir /tmp/C/{0,1,2,3}-origin
 touch /tmp/C/{1,2,3}-origin/f1
 chmod 755 /tmp/C/{1,2,3}-origin/f1
 
@@ -121,3 +121,31 @@ EOF
 
 test "$(stat -c %U:%G:%a /tmp/C/3/f1)" = "root:root:644"
 test ! -e /tmp/C/4
+
+# Check that %U expands to 0, both in the path and in the argument.
+home='/tmp/C'
+systemd-tmpfiles --create - <<EOF
+C     $home/%U    - - - - $home/%U-origin
+EOF
+
+test -d "$home/0"
+
+# Check that %h expands to $home, both in the path and in the argument.
+HOME="$home" \
+systemd-tmpfiles --create - <<EOF
+C     %h/5    - - - - %h/3-origin
+EOF
+
+test -f "$home/5/f1"
+
+# Check that %h in the path is expanded, but
+# the result of this expansion is not expanded once again.
+root='/tmp/C/6'
+home='/%U'
+mkdir -p "$root/usr/share/factory$home"
+HOME="$home" \
+systemd-tmpfiles --create --root="$root" - <<EOF
+C     %h    - - - -
+EOF
+
+test -d "$root$home"